Cybersecurity for broadcast media organisations and professionals

Cybersecurity is an increasingly important domain today. Cyber-attacks are increasing all the time, and they are becoming more sophisticated. Media organisations around the world, many of them leading service providers, are spending significant resources to combat cyber-attacks, and yet the number of attacks continues to rise.

Threats are also continuing to increase in both volume and sophistication. The impact is that countries across the world are concerned about breaches of cybersecurity, which could prejudicially impact their sovereignty and their national security. Consequently, cybersecurity law, as a discipline, has emerged.

This article aims to outline emerging issues around cybersecurity for media operations. How are certain terms defined in the discipline of cybersecurity? What is the significance of cybersecurity and connected issues for media? How significant is this new discipline of cybersecurity law likely to be in the coming times? This article attempts to describe complicated technical issues connected with cybersecurity concerns of computer networks and computer systems used in media operations.

ABU activities

During the Asia-Pacific Broadcasting Union (ABU) Digital Broadcasting Symposium 2017, the challenges and issues surrounding cyber attacks were discussed. The European Broadcasting Union (EBU), a sister union of ABU, shared the work it has done to educate and mitigate vulnerabilities due to cyber threats.

In my opinion, cyber­security needs an approach which addresses three facets: people (human resources), organisation and infrastructure. The sense of urgency for cybersecurity has increased due to the emergence of IP everywhere in the media value chain.

Media professionals need to act swiftly as expanding globalisation and new business and business models involve changing global regulatory frameworks, greater sanctions and penalties, intense media and social media focus on privacy and security breaches, and the need for companies to protect IP from violating fundamental rights to privacy.

There are heightened concerns over cyber-attacks; the need to balance privacy rights against the reporting of cyber-attacks, intrusive technology accessing personal data, with new technology driving the importance of privacy considerations (cloud, IoT) and moves towards data sovereignty versus cross-border flows.

Various aspects must be addressed to understand vulnerabilities and attacks. They are:

Distributed denial-of-service (DDoS)

Connected devices

Vendor system vulnerabilities

Malware attacks

Ransomware attacks

The cloud

With Integrated Broadcast Broadband (IBB) systems and connected media devices, security may be loosely organised (presenting vulnerabilities that are easy to attack) and leaving room for simple attacks.

Some basics of cyber security for media

Malware can be defined as malicious software or a programme code designed to harm a computer or its data.
In August 2009, attackers shut down Twitter for nearly three hours, leaving 44 million ‘tweeters’ worldwide out of touch. If that does not sound like a big deal, imagine broadcast services such as CNN or Fox News being driven off the air for an afternoon.

A bot network is a collection of remotely controlled bots. Hackers often use bot networks to launch attacks against other computers. Once a hacker has assembled a bunch of machines compromised with bots, the hacker has literally an army of “bots” that can be used to attack other machines. Frequently, the bots execute a denial-of-service (DoS) attack where so many compromised machines try to connect to a single website that the site itself crashes.

In this type of attack, the goal is to flood the target machine with data packets. The data transmitted is usually harmless in itself, but the large amount of traffic consumes the target machine’s bandwidth. In using up the Internet resources available to the target machine, it is prevented from being able to communicate properly. The end-result is the same in all cases. Legitimate users are denied service because of all the bogus traffic.

EBU recommendations

The EBU has published five recommendations and is currently working on its sixth recommendation on cloud security. The first five published recommendations address the following areas and can be downloaded on the EBU website:

R141 – Mitigation of distributed denial-of-service (DDoS) attacks – A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more Web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

R142 – Cybersecurity on Connected TVs

R143 – Cybersecurity for media vendor systems, software and services

R144 – Cybersecurity governance for media companies

R145 – Mitigating ransomware and malware attacks

R146 – The cloud security recommendation will cover the different perspectives of cloud, including:

Procedural considerations, including procurement and the definition of business requirements.

Service architectural considerations, including the description of cloud delivery models and overview of “shared responsibilities”, and the required security functionalities to meet security needs (cloud WAF, cloud networking, cloud hardening, cloud identity management and so on), as well as best practices.

An approach for performing a cloud service provider assessment including linkage to existing assessments, data privacy limitations and the impact of existing certifications.

WBU-TC activities

The World Broadcasting Union technical committee (WBU-TC) has been working on pooling knowledge and learning to propose best practices, share information on vulnerabilities and make recommendations to media organisations and professionals. It also informs vendors that they also have a responsivity, as future systems will be mainly software-defined.

Actions to mitigate

We can carry out various actions to mitigate possible damage due to cyber-attacks, of which the following are fundamental:

Security Standards

Best Practices

Governance

Recommendations

However, training staff on procedures and increasing the number of security professionals may not be enough to redress the balance, given the prevalence and the nature of emerging attacks, many of which are automated and require automated responses. Service providers and other organisations are turning to technology to deliver such responses, using encryption and sandboxing technologies to protect data from intrusions, and ultimately from data losses.

Sandboxing is often used as a defence against email-borne threats, and offers an isolated environment where suspicious code can be tested and observed. Encryption is the most effective way of protecting data, but just under half of all online traffic is encrypted, partly due to issues concerning authentication.

Collaboration is a key approach, and another way service providers can respond to the evolving threat environment is by learning to collaborate more closely and share intelligence about threats.

In design and architecture, it is required to make clear boundaries between production areas and general office networks. This becomes harder to manage when operations are moved to the public cloud as clear isolation is not possible — the workflows need to be isolated using cybersecurity layers.